diff --git a/docs/chapters/subcommands/create.rst b/docs/chapters/subcommands/create.rst index c888ab84..79c6d78f 100644 --- a/docs/chapters/subcommands/create.rst +++ b/docs/chapters/subcommands/create.rst @@ -61,8 +61,10 @@ options. See the below help output. -C | --clone Create a clone jail. -D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). -E | --empty Create an empty container, intended for custom jail builds (thin/thick/linux or unsupported). + -g | --gateway IP Specify a default router/gateway for the jail. -L | --linux Create a Linux jail (experimental). -M | --static-mac Generate a static MAC address for jail (VNET only). + -n | --nameserver IP,IP Specify nameserver(s) for the jail. Comma separated. --no-validate Do not validate the release when creating the jail. --no-boot Create jail with boot=off. -p | --priority VALUE Set priority value for jail. @@ -70,4 +72,4 @@ options. See the below help output. -V | --vnet Enable VNET, and attach to an existing, physical interface. -v | --vlan VLANID Creates the jail with specified VLAN ID (VNET only). -x | --debug Enable debug mode. - -Z | --zfs-opts [zfs,options] Comma separated list of ZFS options to create the jail with. This overrides the defaults. \ No newline at end of file + -Z | --zfs-opts zfs,options Comma separated list of ZFS options to create the jail with. This overrides the defaults. diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 9407c697..87400515 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -544,4 +544,4 @@ checkyesno() { esac } -set_bastille_mountpoints \ No newline at end of file +set_bastille_mountpoints diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 272f69e1..9b0e4933 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -44,8 +44,10 @@ usage() { -C | --clone Create a clone jail. -D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). -E | --empty Create an empty container, intended for custom jail builds (thin/thick/linux or unsupported). + -g | --gateway IP Specify a default router/gateway for the jail. -L | --linux Create a Linux jail (experimental). -M | --static-mac Generate a static MAC address for jail (VNET only). + -n | --nameserver IP,IP Specify nameserver(s) for the jail. Comma separated. --no-validate Do not validate the release when creating the jail. --no-boot Create jail with boot=off. -p | --priority VALUE Set priority value for jail. @@ -53,7 +55,7 @@ usage() { -V | --vnet Enable VNET, and attach to an existing, physical interface. -v | --vlan VLANID Creates the jail with specified VLAN ID (VNET only). -x | --debug Enable debug mode. - -Z | --zfs-opts [zfs,options] Comma separated list of ZFS options to create the jail with. This overrides the defaults. + -Z | --zfs-opts zfs,options Comma separated list of ZFS options to create the jail with. This overrides the defaults. EOF exit 1 @@ -190,6 +192,12 @@ validate_netif() { else info "\nValid: (${INTERFACE})." fi + # Don't allow dots in INTERFACE if -V + if [ -n "${VNET_JAIL}" ] && [ -z "${VNET_JAIL_BRIDGE}" ]; then + if echo "${INTERFACE}" | grep -q "\."; then + error_exit "[ERROR]: [-V|--vnet] does not support dots (.) in interface names." + fi + fi } validate_release() { @@ -626,7 +634,9 @@ create_jail() { _ifconfig_inet=SYNCDHCP else # Else apply the default gateway - if [ -n "${bastille_network_gateway}" ]; then + if [ -n "${OPT_GATEWAY}" ]; then + _gateway="${OPT_GATEWAY}" + elif [ -n "${bastille_network_gateway}" ]; then _gateway="${bastille_network_gateway}" else _gateway="$(netstat -4rn | awk '/default/ {print $2}')" @@ -692,6 +702,14 @@ create_jail() { fi fi + # Apply nameserver (if set) + if [ -n "${OPT_NAMESERVER}" ]; then + sed -i '' "/^nameserver.*/d" "${bastille_jail_resolv_conf}" + for _ns in $(echo ${OPT_NAMESERVER} | sed 's/,/ /g'); do + echo "nameserver ${_ns}" >> "${bastille_jail_resolv_conf}" + done + fi + # Apply values changed by the template. -- cwells if [ -z "${EMPTY_JAIL}" ] && [ -z "${LINUX_JAIL}" ]; then bastille restart "${NAME}" @@ -724,6 +742,8 @@ STATIC_MAC="" DUAL_STACK="" VALIDATE_RELEASE="1" PRIORITY="99" +OPT_GATEWAY="" +OPT_NAMESERVER="" while [ $# -gt 0 ]; do case "${1}" in -h|--help|help) @@ -746,6 +766,16 @@ while [ $# -gt 0 ]; do EMPTY_JAIL="1" shift ;; + -g|--gateway|--defaultrouter) + OPT_GATEWAY="${2}" + # Validate gateway + if [ -n "${OPT_GATEWAY}" ]; then + if ! validate_ip "${OPT_GATEWAY}" >/dev/null 2>/dev/null; then + error_exit "[ERROR]: Not a valid gateway: ${OPT_GATEWAY}" + fi + fi + shift 2 + ;; -L|--linux) LINUX_JAIL="1" shift @@ -754,6 +784,18 @@ while [ $# -gt 0 ]; do STATIC_MAC="1" shift ;; + -n|--nameserver) + OPT_NAMESERVER="${2}" + # Validate nameserver + if [ -n "${OPT_NAMESERVER}" ]; then + for _nameserver in $(echo ${OPT_NAMESERVER} | sed 's/,/ /g'); do + if ! validate_ip "${_nameserver}" >/dev/null 2>/dev/null; then + error_exit "[ERROR]: Invalid nameserver(s): ${OPT_NAMESERVER}" + fi + done + fi + shift 2 + ;; -p|--priority) if echo "${2}" | grep -Eoq "^[0-9]+$"; then PRIORITY="${2}" @@ -779,11 +821,11 @@ while [ $# -gt 0 ]; do shift ;; -v|--vlan) - if echo "${2}" | grep -Eq '^[0-9]+$'; then + if echo "${2}" | grep -Eq '^[0-9]+$'; then VLAN_ID="${2}" - else + else error_exit "Not a valid VLAN ID: ${2}" - fi + fi shift 2 ;; -x|--debug)